package com.security.demo0928.config;

import com.security.demo0928.handler.FailAuthenticationHandler;
import com.security.demo0928.handler.SuccessAuthenticationHandler;
import com.security.demo0928.security.CustomUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * @date 2020/9/29 10:32
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {



    @Autowired
    private CustomUserService customUserService;

    @Autowired
    private FailAuthenticationHandler failAuthenticationHandler;

    @Autowired
    private SuccessAuthenticationHandler successAuthenticationHandler;

    /**
     * 授权
     * 请求授权的规则
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
//                “/” 任何权限都可以访问 “/user”和”/admin“ 需要ROLE_USER/ROLE_ADMIN权限才可以访问
                .antMatchers("/","/error","/toLogin").permitAll()
                .antMatchers("/user").hasAuthority("ROLE_USER")
                .antMatchers("/admin").hasAnyAuthority("ROLE_ADMIN")
                .anyRequest().authenticated()
                .and()
                    .formLogin()
//                自定义登录界面
                    .loginPage("/toLogin")
//                自定义登录接口的名字
                    .loginProcessingUrl("/authentication/form")
//                登录成功跳转到/setAuth
                    .successHandler(successAuthenticationHandler)
//                登录失败执行authenticationFailHandler
                    .failureHandler(failAuthenticationHandler)
//                登出成功跳转到/login
                    .loginProcessingUrl("/toLogin");
    }



    /**
     * 认证
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(customUserService);
//
////        设置加密方式 （因为我没有设置加密算法，所以没有加密）
//        auth.userDetailsService(customUserService).passwordEncoder(passwordEncoder());

    }


    /**
     * 设置密码加密算法，加密方式应该与数据库加密算法一样
     * @return
     */
    @Bean
    public static PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

}